Public key cryptography provides strong (mutual) authentication, digital signatures (with non-repudiation), and encryption. The use of public key systems may prevent certain security problems related to authentication, access control, and data security. However, for many users, the adoption of public keys is not intuitive. For example, it may not be readily obvious to some users how to create and use a public key, or how to verify another user's identity with their public key. In addition, without widespread adoption of a related art system, it may not be easy for users to share public keys.
In some instances, the related art suggests generating public/private key pairs and announcing the public key on a user's social network accounts. These related art methods link the announced public key to the user's social network account, implicitly relying on a verified link between the user and his/her social network account. However, a person may not be reliably associated with a social network account. For example, these related art systems may be compromised by creating a counterfeit social network account, or by gaining control of a legitimate social network account.
Other related art approaches suggest the use of biometrics (e.g., a fingerprint or a self-image) to authenticate a user. However, if a biometric of the related art system is compromised, the biometric may not be reused. In other words, a user only has one set of fingerprints and one physical appearance. Therefore, if a malicious actor gets a copy of the user's fingerprints or the user's self-image, the malicious actor may access any system secured using the biometric.
In addition, related art techniques often require account recovery based on user knowledge (e.g., password, birthday, social security number, or mother's maiden name), static biometrics (e.g., fingerprint or iris pattern), or security apparatuses (e.g., phone or security token). However, information, including static biometrics, may be compromised, and security apparatuses may be lost, stolen, or destroyed, creating additional burdens for account recovery and authentication.